I use revision control systems for almost all of my software development, deployment, and server configuration. When using Subversion there is, technically, no difference between a working copy on my personal or development machines vs. a working copy on a production server. (Yes, you need a working copy on the production server, because exports cannot be updated that easily.) However, modifications of the checked out code or config files on a production server can cause problems with the next round of updates. Sometimes you just don’t notice that there are conflicts that need to be resolved.

To make sure I notice when a colleague or I have fallen back into the bad habit of changing things on a production server directly, rather than checking in changes to the repository, I have created a Nagios Plugin: it’s called “check_svnstatus”

I’m using the post-commit hook to send out E-mail notifications when changes are committed to Subversion repositories.

If you search the web you’ll find a ton of scripts in various languages for this purpose. They all do more or less the same thing: create an E-mail message for the commit, including such details as the revision author, number, timestamp, a list of the paths that were changed, and a diff of the changes.

For one particular project I wanted the diff as an attachment, though, rather than inline in the message text. So I ended up writing my own script. It’s a Shell script that should work on most Unix/Linux based systems.

A number of Unix/Linux tools, e.g. Subversion (svn) and wget, use OpenSSL when they access HTTPS sites. While I found updating the trusted CA store in curl (which does not use OpenSSL) very easy (I just downloaded their weekly CA bundle), OpenSSL isn’t as self-explaining. You may need this with older Linux distributions like openSUSE 10.3 running on “old” webservers, e.g. when you use svn to track changes of a web-application and keep the repository on encrypted webspace (highly recommended!) and the CA is not trusted in your distribution’s OpenSSL package. I use StartSSL Free Class 1 certificates for some of my private servers and their CA certificate is not included in many older distributions.

First you need to determine where OpenSSL keeps its files on your system. With the aforementioned openSUSE 10.3 this is

cd /etc/ssl/certs

Download your CA’s root certificate

wget http://www.startssl.com/certs/ca.pem -O startssl.pem

Determine the certificate’s hash

openssl x509 -noout -hash -in startssl.pem

For StartSSL this is “33815e15″. Now create a symlink to the certificate file with the hash as the filename and with the filename extension “.0″

Links

This blog is about Information Technology (technical) issues, tips and tricks I find worth sharing with the world. It’s also the home base for all of my open source projects. If you want to support me financially, please go to the Donations page. For moral support please leave a comment, or follow me on Twitter or Facebook: